Adobe streamlines Flash Player updates by going silent
And it drops Flash support for Microsoft's IE6
Computerworld - Adobe yesterday released Flash Player 11.2, adding silent updating to speed patching of "zero-day" vulnerabilities in the Windows edition.
"Improving the update process is probably the single most important challenge we can tackle for our customers at this time," Peleus Uhley, a senior security researcher at Adobe, said in a Tuesday blog entry.
On Windows -- silent update will come to the Mac later, the company said -- Flash Player 11.2 checks for security updates, then downloads and installs them without bothering the user.
The background update tool pings Adobe's servers every hour until it gets a response. If it reaches Adobe and finds no ready update, the tool re-checks the servers 24 hours later.
The updater's default setting can be changed so that Flash Player continues to notify the user when updates are available.
Like Mozilla's Firefox, which is also working toward silent updates, Flash Player relies on a customized Windows service to automatically install patches without displaying a User Account Control (UAC) prompt in Windows Vista and Windows 7.
Flash Player 11.2's background updater refreshes both versions of the Windows plug-in: The one used by Microsoft's Internet Explorer and the one for all other browsers. "This will solve the problem of end-users having to update Flash Player for Internet Explorer separately from Flash Player for their other browsers," Uhley said.
Chrome is the exception, since Google's browser includes Flash Player; Chrome's own update mechanism will continue to handle Flash patches.
Everyone could use a break from manually patching Flash Player. Adobe has already rolled out two batches of fixes this year, most recently on March 5, and it patched Flash nine different times in 2011.
Uhley cautioned that not every update would use the new mechanism.
"We will be making the decision to silently install on a case-by-case basis," said Uhley, who hinted that it would primarily be used to distribute patches for zero-day vulnerabilities where time is of the essence.
Adobe acknowledged that it's following Chrome's footsteps in silent updating. "This model for updating users is similar to the Google Chrome update experience, and Google has had great success with this approach," said Uhley. "We are hoping to have similar success."
Also yesterday, Adobe said it was demoting Flash Player on Internet Explorer 6 (IE6), the browser that Microsoft has been trying to kill for more than two-and-a-half years.
"Adobe will be dropping support for Internet Explorer 6 starting with today's release of Flash Player 10.3," said Uhley.
Future versions of Flash Player 10.3 will probably run on IE6 -- installation of the ActiveX control on the nearly-11-year-old browser won't be blocked -- but Adobe will no longer guarantee that Flash will work on the aged application.
Flash Player 11.2 for Windows can be downloaded from Adobe's website.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is email@example.com.
Read more about Security in Computerworld's Security Topic Center.
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!